Ensure that all the Microsoft Azure Storage accounts configured to host static websites are regularly reviewed for security and compliance purposes. Upon enabling this rule on your Cloud Conformity console, you must specify the storage account or the list of storage accounts that are expected to host static content (HTML, CSS, JavaScript and image files).
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
To host static websites using Microsoft Azure Storage service, you need to configure a storage account as web hosting container by adding the necessary configuration. By regularly reviewing the Azure Storage accounts configured to host static websites you make sure that only the desired storage containers are accessible from the primary website endpoint.
Audit
To identify all Azure Storage accounts that host static websites, for reviewing, perform the following actions:
Remediation / Resolution
When the static website hosting feature is disabled at the storage account level, Microsoft Azure Storage service removes the website configuration from your storage account so that the web container that serves the static files is no longer accessible from the website endpoint. To disable this feature for all the reviewed storage accounts that are not allowed to host static websites, perform the following actions:
References
- Azure Official Documentation
- Static website hosting in Azure Storage
- Host a static website in Azure Storage
- Azure PowerShell Documentation
- az storage account list
- az storage blob service-properties show
- az storage blob service-properties update